.svg)
In March 2026, Maine became the latest in a growing number of states to adopt legislation regulating virtual currency kiosks (crypto ATMs) in the US. Maine's law builds on emergency legislation adopted by the state in June 2025, regulating virtual currency kiosks within the state’s money transmission framework and providing additional consumer protections specific to kiosks. Elsewhere, legislation to regulate crypto kiosks and implement consumer protection measures is, at the time of writing, awaiting the governor’s signature in Florida, Kansas, and Virginia.
The legislation reflects a regulatory pattern emerging across the US.
States are beginning to converge on a common regulatory framework for virtual currency kiosks, addressing consumer protection concerns and fraud risks through comprehensive legislation, plugging a gap left by federal supervision, which has remained primarily focused on anti-money laundering (AML) oversight.
The bigger picture
Virtual currency kiosks are increasingly becoming a policy focus for state legislators, particularly as fraud linked to crypto ATM transactions has grown. Maine is not alone in its adoption of a regulatory framework that addresses licensing, consumer protection, and fraud mitigation. Only three days after Maine’s governor signed Legislative Digest 1998 into law, Wyoming enacted House Bill 75, an act that prohibits any person from operating a virtual currency kiosk unless the person has been issued a license under the Wyoming Money Transmitters Act.
Meanwhile, in March 2026, Indiana became the first state to ban crypto kiosks outright, with legislation that states operators who violate the law have committed a deceptive act and grants the attorney general the authority to enforce the ban on both the operator and the owner of the premises on which the virtual currency kiosk is located.
While state legislators have focused on establishing formal laws, regulators have zeroed in on enforcement. In October 2025, the California Department of Financial Protection and Innovation (DFPI), often a regulatory trendsetter, announced that it had taken action against multiple crypto kiosk operators for consumer protection violations, including a $675,000 penalty against Coinhub for charging consumer fees above the statutory maximums and accepting cash transactions exceeding the legal daily limit. Less than a year later, in January 2026, Maine’s Bureau of Consumer Credit Protection announced it had entered into a $1.9m consent agreement with an operator of a bitcoin kiosk that recovers funds taken by third-party scammers who defrauded consumers through their kiosks.
Although approaches vary, recent state initiatives are beginning to converge around a consistent regulatory template addressing licensing requirements, transaction limits, recordkeeping requirements, and other consumer protection features such as pricing transparency and consumer warnings. For example, legislation in both Arizona and Colorado contains detailed disclosure, receipt, and fraud warning requirements, and states such as Rhode Island and Louisiana have adopted daily withdrawal limits ranging from $2,000 to $5,000.
As the state’s playbooks become more established, they are likely to evolve into a set of baseline expectations that regulators will apply even in jurisdictions that have yet to adopt kiosk-specific legislation.
At the federal level, crypto kiosks are not regulated on a standalone basis but instead are addressed indirectly through the Bank Secrecy Act as money service businesses, placing the regulatory focus on AML and the prevention of criminal activity. Although recent federal laws have not ignored crypto entirely, legislation such as the GENIUS Act focuses on the regulation of crypto-assets themselves rather than consumer-facing access points such as kiosks.
That said, federal regulators have begun to signal increased attention to the issue. In August 2025, the US Financial Crimes Enforcement Network issued a notice urging financial institutions to be vigilant in identifying and reporting suspicious activity involving crypto kiosks. Still, the absence of a comprehensive federal framework, and the fact that existing federal statutes were not designed with crypto kiosks in mind, has left a clear consumer protection gap that states are now stepping in to fill. Further, if state-level divergence continues to expand, pressure may build for a more coordinated federal response, particularly if inconsistencies begin to impact interstate operators or financial institutions.
Why should you care?
The emergence of kiosk-specific legislation indicates that state regulators are not focusing solely on digital asset platforms and exchanges. Instead, they are increasingly targeting the points of access where consumers interact with crypto. For entities that may not consider themselves “crypto companies”, this materially expands the scope of who falls within regulatory reach. These companies should reassess whether their products or services create exposure to compliance obligations and determine whether they fall within supervisory scope under the new state frameworks.
Virtual currency kiosks are not standalone products; they typically rely on payment processors, settlement providers, compliance vendors performing KYC or transaction monitoring, and merchant partners hosting machines in retail locations. The regulations have indirect compliance obligations for companies across the payments ecosystem. Entities providing infrastructure or services to kiosk operators may find themselves pulled into supervisory expectations, particularly as they relate to fraud prevention, transaction monitoring, and consumer disclosures. Payments and fintech firms should conduct third-party risk assessments on kiosk operators and ensure monitoring and controls are properly addressing fraud and consumer protection risks.
State regulators and attorney generals are signaling that enforcement risk is accelerating. Actions such as those taken by California’s DFPI demonstrate that regulators are willing to use existing consumer protection statutes to penalize excessive fees, transaction limits, and misleading practices. Even without formal crypto-kiosk legislation on the books, regulators expect operators to align with emerging standards or risk hefty fines or license revocation. Operators and their partners should review fee structures, transaction limits, and consumer disclosures now, rather than waiting for state-specific laws to be enacted.
While states may align on their desire for a regulatory framework, they diverge on the details. Continued divergence may also increase the likelihood of a more coordinated federal response, particularly if fragmentation begins to create friction at the cost of innovation or an overly complex burden for operators. The trajectory resembles money transmitter regulation, where states converged on frameworks such as the Money Transmission Modernization Act (MTMA), while continuing to apply it through distinct state licensing frameworks. Similar to state adoption of the MTMA, state licensing frameworks for crypto kiosks create a patchwork regulatory landscape, one in which operators must pay close attention to the varying consumer protection requirements in each jurisdiction in which they operate, or risk exposing themselves to enforcement action, and, in some cases, losing the ability to operate in key jurisdictions.
Virtual Currency Kiosk Laws
The table below identifies U.S. states that have enacted legislation governing virtual currency kiosks, including links to the primary legislative sources.
